Re: I-D ACTION:draft-ietf-openpgp-rfc2440bis-06.txt

"Michael Young" <mwy-opgp97@the-youngs.org> Mon, 12 August 2002 20:21 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA09902 for <openpgp-archive@odin.ietf.org>; Mon, 12 Aug 2002 16:21:29 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7CKBrk26293 for ietf-openpgp-bks; Mon, 12 Aug 2002 13:11:53 -0700 (PDT)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7CKBkw26284 for <ietf-openpgp@imc.org>; Mon, 12 Aug 2002 13:11:51 -0700 (PDT)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id PAA14006 for <ietf-openpgp@imc.org>; Mon, 12 Aug 2002 15:58:59 -0400 (EDT)
Received: from mwyoung (dhcp-193-40.transarc.ibm.com [9.38.193.240]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id QAA17982 for <ietf-openpgp@imc.org>; Mon, 12 Aug 2002 16:11:42 -0400 (EDT)
Message-ID: <002001c2423c$5aa79bc0$f0c12609@transarc.ibm.com>
From: "Michael Young" <mwy-opgp97@the-youngs.org>
To: "OpenPGP" <ietf-openpgp@imc.org>
References: <200208121726.g7CHQAw16824@above.proper.com> <Pine.LNX.4.30.QNWS.0208121051070.25997-100000@thetis.deor.org> <20020812183508.GD2319@akamai.com>
Subject: Re: I-D ACTION:draft-ietf-openpgp-rfc2440bis-06.txt
Date: Mon, 12 Aug 2002 16:10:48 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: "David Shaw" <dshaw@jabberwocky.com>
> 2440bis seems to say that v4 signatures require (MUST) an issuer subpacket 
...
> Come to think, both PGP and GnuPG create v4 signatures with a hashed
> timestamp, and an unhashed issuer.  Are they compliant? ;)

I don't think that the specification should require either.  It would be
fair to note that many implementations will be unable (or unwilling) to
interpret a signature without these things.

But even if the issuer remains a MUST, it certainly doesn't need
to be in the hashed material.  As it stands, the specification doesn't
say so exactly -- it merely suggests that they should be the first two
subpackets, which is silly if the timestamp is hashed but the issuer
is not.  I would just excise the suggestion entirely.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPVgWJVMkvpTT8vCGEQLEMwCfUnZsYv6w/jQVYjBttwFWq7Y8by4AnRAY
L1gn2QkotnPczcBtgFwcLJ/4
=tzg2
-----END PGP SIGNATURE-----